Quick Tip: Discovering service start accounts

Do you know which accounts are used to start the services running on your machines? if you need this information try:

Get-WmiObject -Class Win32_Service | select Name, DisplayName, StartName

For a remote machine this becomes

Get-WmiObject -Class Win32_Service -ComputerName Win7 | select Name, DisplayName, StartName

And for testing which services are started by a specific account use:

Get-WmiObject -Class Win32_Service -ComputerName Win7 | where {$_.StartName -eq 'NT Authority\LocalService'} | select Name, DisplayName, StartName

I wanted to use a WMI filter instead of Where-Object but it didn’t want to work

Published Tue, Jun 28 2011 22:48 by RichardSiddaway
Filed under: ,

Comments

# re: Quick Tip: Discovering service start accounts

Try adding double slash in the filter.

Get-WmiObject -Class Win32_Service -Filter {Startname = 'NT Authority\\LocalService'}

It probably needed to be escaped.

Tuesday, June 28, 2011 7:33 PM by Chad Miller

# re: Quick Tip: Discovering service start accounts

Doh

Thanks for reminding me.  

Thats what happens when you write a post late in the evening :-)

Wednesday, June 29, 2011 12:46 PM by RichardSiddaway

Leave a Comment

(required) 
(required) 
(optional)
(required) 
If you can't read this number refresh your screen
Enter the numbers above: